package org.example;

import java.sql.*;

public class AuthService {
    public static User authenticate(String userId, String password) {
        String query = "SELECT * FROM user WHERE id = ? AND password_hash = ?";
        String hashedPassword = PasswordUtil.hashPassword(password);

        try (Connection conn = DBConnector.getConnection();
             PreparedStatement stmt = conn.prepareStatement(query)) {

            stmt.setString(1, userId);
            stmt.setString(2, hashedPassword);
            ResultSet rs = stmt.executeQuery();

            if (rs.next()) {
                return new User(
                        rs.getString("id"),
                        rs.getString("name"),
                        rs.getString("password_hash"),
                        rs.getString("role")
                );
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return null;
    }
}
